cs2d_assister[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cs2d_assister.exe
Size

1019KB
MD5

ca2bef08934ba9a2e39b150216a74a36
SHA1

5b0517543ea017b3c69ec2e86802c1150f34bbef
SHA256

bbbf0c633805bdf8cf4391452435cac6614422b69f29337e6df52036c81eacf1
SHA512

29d5c7376befd736064e4405e0f84f014be7e45c81a50f2f4643f931fd64a9429fc844e2c5d379c66f17d79f1b10ebbd65fb8b27f07cf22c73c431f93a49965d
SSDEEP

24576:PmQuibShXqcOg832hrwlpVO+rg+AgWmu+Tr3qlqu:PH5YN88wSS/3qQu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cs2d_assister.exe

Files

cs2d_assister.exe
.exe windows x86

38cc1fe3022bae754ebbe848f129772c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

opengl32

glOrtho
glColor4f
glVertex2f
glBegin
glLoadIdentity
glBlendFunc
glLineWidth
glMatrixMode
glEnd
glEnable
glClear
glViewport

kernel32

GetModuleHandleA
QueryPerformanceCounter
GetTickCount
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
FormatMessageW
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetFileSizeEx
GetModuleHandleW
SetThreadExecutionState
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
MultiByteToWideChar
GetProcessHeap
HeapFree
HeapAlloc
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryA
QueryPerformanceFrequency
SleepEx
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
ReadProcessMemory
VirtualProtectEx
CloseHandle
Process32Next
GetLastError
CreateToolhelp32Snapshot
GetCurrentProcess
SetLastError
Process32First
GetConsoleWindow
GlobalAlloc
VirtualQuery
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryA
GetProcAddress
FreeLibrary
WriteProcessMemory
OpenProcess
Sleep

user32

GetRawInputDeviceList
GetRawInputDeviceInfoA
EnumDisplayMonitors
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
ToUnicode
UnregisterClassW
UnregisterDeviceNotification
RegisterDeviceNotificationW
RegisterRawInputDevices
GetRawInputData
GetMonitorInfoW
MonitorFromWindow
SystemParametersInfoW
CreateIconIndirect
LoadImageW
DestroyIcon
LoadCursorW
GetClassLongW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
SetRect
ClipCursor
WindowFromPoint
ScreenToClient
SetCursor
AdjustWindowRectEx
GetWindowRect
SetWindowTextW
RemovePropW
GetPropW
IsZoomed
ReleaseDC
GetDC
SetForegroundWindow
GetSystemMetrics
MsgWaitForMultipleObjects
ReleaseCapture
SetCapture
MapVirtualKeyW
GetKeyState
SetFocus
GetActiveWindow
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
SetWindowPos
MoveWindow
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
TrackMouseEvent
ShowWindow
GetAsyncKeyState
ClientToScreen
GetClientRect
FindWindowA
SetCursorPos
SetPropW
SetClipboardData
GetCursorPos
GetClipboardData
EmptyClipboard
SendInput
CloseClipboard
OpenClipboard

gdi32

CreateRectRgn
CreateBitmap
DeleteObject
CreateDIBSection
CreateDCW
DeleteDC
GetDeviceCaps
SetDeviceGammaRamp
ChoosePixelFormat
DescribePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceGammaRamp

advapi32

CryptAcquireContextA
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptReleaseContext
CryptGetHashParam
CryptGenRandom
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
OpenProcessToken

shell32

DragFinish
DragQueryPoint
DragQueryFileW
DragAcceptFiles

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext
ImmSetCandidateWindow

msvcp140

?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
_Xtime_get_ticks
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
_Query_perf_frequency
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Random_device@std@@YAIXZ
?_Xlength_error@std@@YAXPBD@Z
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_sleep
_Query_perf_counter
_Thrd_detach

vcruntime140

memset
__std_exception_destroy
memcpy
strrchr
memmove
strchr
memchr
strstr
memcmp
__vcrt_GetModuleFileNameW
__CxxFrameHandler3
__std_terminate
__current_exception
__current_exception_context
_except_handler4_common
_CxxThrowException
__vcrt_LoadLibraryExW
__std_exception_copy

api-ms-win-crt-stdio-l1-1-0

__p__commode
ftell
__acrt_iob_func
fflush
fclose
fseek
__stdio_common_vfprintf
fwrite
_wfopen
__stdio_common_vsprintf
fread
__stdio_common_vsscanf
fputc
_set_fmode
_read
_lseeki64
fgetc
fgets
_open
fopen
fgetpos
_write
setvbuf
feof
_close
ungetc
fputs
_get_stream_buffer_pointers
fsetpos
_fseeki64

api-ms-win-crt-string-l1-1-0

strcpy_s
tolower
strpbrk
wcscpy
wcscmp
strcspn
_strdup
strtok
strncmp
strcpy
isupper
strcmp
strlen
strcat_s
strncpy
strspn

api-ms-win-crt-utility-l1-1-0

abs
qsort

api-ms-win-crt-heap-l1-1-0

free
realloc
calloc
malloc
_callnewh
_set_new_mode

api-ms-win-crt-convert-l1-1-0

atof
strtol
strtoul
atoi
strtoll
wcstombs

api-ms-win-crt-runtime-l1-1-0

exit
_beginthreadex
system
terminate
_invalid_parameter_noinfo_noreturn
_errno
strerror
_getpid
_initialize_onexit_table
__sys_nerr
_wassert
_controlfp_s
_configure_narrow_argv
_register_thread_local_exe_atexit_callback
_c_exit
__p___argv
__p___argc
_initialize_narrow_environment
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_unlock_file
_unlink
_stat64
_access
_lock_file

api-ms-win-crt-time-l1-1-0

strftime
_time64
_gmtime64

api-ms-win-crt-math-l1-1-0

_libm_sse2_pow_precise
_libm_sse2_log_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
__setusermatherr
ceil
_libm_sse2_atan_precise
_libm_sse2_acos_precise
_CIfmod
_CIatan2
floor
_libm_sse2_sqrt_precise

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

normaliz

IdnToAscii

ws2_32

__WSAFDIsSet
accept
htonl
ioctlsocket
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
select
socket
setsockopt
ntohs
closesocket
recv
send
htons
getaddrinfo
WSAGetLastError
bind
connect
getpeername
getsockname
freeaddrinfo
getsockopt
listen
WSACloseEvent
WSACreateEvent
ntohl
gethostname
sendto
recvfrom
WSAEventSelect
WSAEnumNetworkEvents

wldap32

ord79
ord35
ord33
ord30
ord200
ord301
ord32
ord27
ord26
ord22
ord50
ord143
ord45
ord60
ord211
ord46
ord217
ord41

crypt32

CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertCloseStore
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertOpenStore

Sections

.text
Size: 729KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38cc1fe3022bae754ebbe848f129772c

Headers

DLL Characteristics

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

advapi32

shell32

imm32

msvcp140

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

normaliz

ws2_32

wldap32

crypt32

Sections

.text Size: 729KB - Virtual size: 728KB

.rdata Size: 98KB - Virtual size: 98KB

.data Size: 157KB - Virtual size: 4.6MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 33KB - Virtual size: 32KB

.text
Size: 729KB - Virtual size: 728KB

.rdata
Size: 98KB - Virtual size: 98KB

.data
Size: 157KB - Virtual size: 4.6MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 33KB - Virtual size: 32KB